From 09ab885d80c5fa97c2c5a14141afbfaffbbb0db3 Mon Sep 17 00:00:00 2001
From: Jonathan Kew <jkew@mozilla.com>
Date: Wed, 22 Apr 2026 13:00:22 -0700
Subject: [PATCH 25/29] Range-check FDSelect value during CFF subsetting
---
src/cairo-cff-subset.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/cairo-cff-subset.c b/src/cairo-cff-subset.c
index 5a54c091a..a725c726d 100644
--- a/src/cairo-cff-subset.c
+++ b/src/cairo-cff-subset.c
@@ -1876,6 +1876,10 @@ cairo_cff_font_subset_fontdict (cairo_cff_font_t *font)
}
fd = font->fdselect[gid];
+ if (fd < 0 || (unsigned int) fd >= font->num_fontdicts) {
+ free (reverse_map);
+ return CAIRO_INT_STATUS_UNSUPPORTED;
+ }
if (reverse_map[fd] < 0) {
font->fd_subset_map[font->num_subset_fontdicts] = fd;
reverse_map[fd] = font->num_subset_fontdicts++;
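Review bot: The load `fd = font->fdselect[gid];` on the line above the new check still indexes `fdselect` with a `gid` that is not validated anywhere in this hunk. The added test bounds only the value read out of the table, which protects the `reverse_map[fd]` access and the `fd_subset_map` write that follow. If `gid` can be influenced by font data and is not checked against the glyph count earlier in `cairo_cff_font_subset_fontdict` (the function starts and ends outside the hunk), that read is itself out of bounds and deserves the same cleanup-and-return path. It would also help to say why the check exists, e.g. `/* FDSelect entries come from the font file; reject any index outside the FontDict array */` above the `if`.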
--
2.53.0